Secure Civil Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin MITRE | July 20, 2012.

Slides:

Advertisements

Similar presentations

Probabilistic Secure Time Transfer: Challenges and Opportunities for a Sub-Millisecond World Kyle D. Wesson, Prof. Todd E. Humphreys, Prof. Brian L. Evans.

Advertisements

Challenges of Practical Civil GNSS Security Todd Humphreys, UT Austin Civil Navigation and Timing Security Splinter Meeting |Portland, Oregon | September.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Protecting Civil GPS Receivers

GPS Spoofing & Implications for Telecom Kyle Wesson The University of Texas at Austin Sprint Synchronization Conference | September 18, 2013.

ION GNSS 2011, September 23 rd, Portland, Oregon Improving Security of GNSS Receivers Felix Kneissl University FAF Munich.

GNSS Security Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | September 18, 2014.

Secure Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin LAAFB GPS Directorate | December 5, 2012.

Millimeter-accurate Augmented Reality enabled by Carrier-Phase Differential GPS Ken Pesyna, Daniel Shepard, Todd Humphreys ION GNSS 2012 Conference, Nashville,

Imbedded SSR Mode-S Logic Control Unit University of Stellenbosch Department of Electrical & Electronic Engineering K. Gastrow 4 December 2009.

Thursday, 3:55pm, room 24 This session will discuss techniques for enhancing the ability of receivers to detect, disregard, and operate through intentional.

University of Kansas Department of Electrical Engineering and Computer Science 1 Radar Systems and Remote Sensing Lab Information and Telecommunication.

AI and Autonomous Vehicles Daniel Landers COMP Intelligent and Interactive Systems 3/10/2007.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Workshop EGNOS KRAKÓW GNSS RECEIVER TESTING TECHNIQUES IN A LABORATORY ENVIRONMENT Institute of Radar Technology Military University of Technology.

14/03/2005 CGSIC Meeting, Prague, Czech Republic Oscar Pozzobon Chris Wullems Prof. Kurt Kubik Security issues in next generation satellite systems.

Distance-decreasing attack in GPS Final Presentation Horacio Arze Prof. Jean-Pierre Hubaux Assistant: Marcin Poturalski January 2009 Security and Cooperation.

Background Accessibility Popularity of GPS and INS –Cell phones Apple iPhone, Blackberry, Android platform –Nintendo Wii Wii Remote, MotionPlus.

Protected GPS Directional Antenna Array Dr. P. A. Molchanov, Dr. V.M. Contarino, Dr. O.V. Asmolova.

seminar on Intrusion detection system

UAV Integration: Privacy and Security Hurdles Todd Humphreys | Aerospace Engineering The University of Texas at Austin Royal Institute of Navigation UAV.

Autonomous Control of Scalextric Slot Car on User-Defined Track Siddharth Kamath Souma Mondal Dhaval Patel School of Electrical and Computer Engineering.

Frontiers in Radionavigation Dr. Todd E. Humphreys.

Characterization of Receiver Response to a Spoofing Attack Daniel Shepard DHS visit to UT Radionavigation Lab 3/10/2011.

Thoughts on GPS Security and Integrity Todd Humphreys, UT Austin Aerospace Dept. DHS Visit to UT Radionavigation Lab | March 10, 2011.

WNCG, UT Austin, 1 April 2011 Mark L. Psiaki Sibley School of Mechanical & Aerospace Engr., Cornell University Civilian GPS Spoofing Detection based on.

MCS Business Profile Yr Copyright (C) MCS 2013, All rights reserved. 2 MCS Business Focus MCS Business Profile MCS has a business.

Unit 3a Industrial Control Systems

Kyle Wesson, Mark Rothlisberger, and Todd Humphreys

How Global Positioning Devices (GPS) work

Extending the Reach of GPS-assisted Femtocell Synchronization and Localization through Tightly- Coupled Opportunistic Navigation Ken Pesyna, Kyle Wesson,

Improving the Security of GNSS Receivers Portland, Oregon | September 23, 2011.

Oscar Pozzzobon Technical Director, Qascom ION GNSS 2011, September 23, Portland, US.

ION/GNSS 2011, 23 Sept Mark L. Psiaki Sibley School of Mechanical & Aerospace Engr., Cornell University Developing Defenses Against Jamming & Spoofing.

NC-BSI 2.3: Smart Border Systems for Localization and Tracking Problem Statement/Objectives Develop methods which will allow accurately, robustly and ubiquitously.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

Evaluation of Smart Grid and Civilian UAV Vulnerability to GPS Spoofing Attacks D. P. Shepard, J. A. Bhatti, T. E. Humphreys, The University of Texas at.

An Evaluation of the Vestigial Signal Defense for Civil GPS Anti-Spoofing Kyle Wesson, Daniel Shepard, Jahshan Bhatti, and Todd Humphreys Presentation.

Riding out the Rough Spots: Scintillation-Robust GNSS Carrier Tracking Dr. Todd E. Humphreys Radionavigation Laboratory University of Texas at Austin.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Protecting Privacy in WLAN with DoS Resistance using Client Puzzle Team 7 Yanisa Akkarawichai Rohan Shah CSC 774 – Advanced Network Security Prof. Peng.

Introduction to Networked Robotics CS 643 Seminar on Advanced Robotics Wenzhe Li, Graduate Student Texas A&M University.

Quickest Detection of GPS Spoofing Attack Z. Zhang, M. Trinkle, L. Qian, and H. Li MILCOM 2012 Nadia Adem 10/27/2014.

GPS: Everything you wanted to know, but were afraid to ask Andria Bilich National Geodetic Survey.

Network UAV C3 Stage 1 Final Briefing Timothy X Brown University of Colorado at Boulder Interdisciplinary Telecommunications Program Electrical and Computer.

Characterization of Receiver Response to a Spoofing Attack

Tightly-Coupled Opportunistic Navigation for Deep Urban and Indoor Positioning Ken Pesyna, Zak Kassas, Jahshan Bhatti, and Todd Humphreys Presentation.

GPS Spoofing Detection System Mark Psiaki & Brady O’Hanlon, Cornell Univ., Todd Humphreys & Jahshan Bhatti, Univ. of Texas at Austin Abstract: A real-time.

Future Directions in GNSS Research Todd Humphreys | Aerospace Engineering The University of Texas at Austin GPS World Webinar | November 15, 2012.

Precision Limits of Low-Energy GNSS Receivers Ken Pesyna and Todd Humphreys The University of Texas at Austin September 20, 2013.

Global Positioning System A tool for to build spatial information systems.

Characterization of Receiver Response to a Spoofing Attack Daniel Shepard Honors Thesis Symposium 4/21/2011.

Navy GPS GPS Users Conference 02 November 2000 LCDR Drew Williams SSC-SD, Code D315 GPS Division GPS Vulnerability.

Geoencryption Using Loran Di Qiu, Sherman Lo, Per Enge Stanford University Sponsored by FAA Loran Program.

Assessing the Civil GPS Spoofing Threat

Secure positioning in Wireless Networks Srdjan Capkun, Jean-Pierre Hubaux IEEE Journal on Selected area in Communication Jeon, Seung.

A Layered Solution to Cybersecurity Dr. Erfan Ibrahim Cyber-Physical Systems Security & Resilience Center National Renewable Energy Laboratory.

Younis H. Karim, AbidYahya School of Computer University Malaysia Perlis 1.

© 2012 Anwendungszentrum GmbH Oberpfaffenhofen Idea by: Dr. Eng. Mohamed Zayan | 1.

GPS Denial – Causes and Solutions Neil Gerein. NovAtel Inc. Proprietary Moving, or gathering data, you need to know where you are 2.

Physical Layer Authentication for Mobile Terminals over MIMO Fading Wiretap Channels. Mahendra Kumar Shukla(2011-DC-07) December.

PROJECT DOMAIN : NETWORK SECURITY Project Members : M.Ananda Vadivelan & E.Kalaivanan Department of Computer Science.

Practical Cryptographic Civil GPS Signal Authentication

De-anonymizing the Internet Using Unreliable IDs By Yinglian Xie, Fang Yu, and Martín Abadi Presented by Peng Cheng 03/22/2017.

Sri Naga Jahnavi Yeddanapudy

Counter-UAV Challenges: Is GNSS Spoofing Effective?

IMAGE BASED VISUAL SERVOING

Sri Naga Jahnavi Yeddanapudy

GNSS Vulnerabilities Mitigation for Timing Applications

Todd Humphreys | Aerospace Engineering

Presentation transcript:

Secure Civil Navigation and Timing Todd Humphreys | Aerospace Engineering The University of Texas at Austin MITRE | July 20, 2012

University of Texas Radionavigation Lab graduate students Jahshan Bhatti, Kyle Wesson, Ken Pesyna, Zak Kassas, and Daniel Shepard Mark Psiaki, Brady O’Hanlon, Ryan Mitch (Cornell) Brent Ledvina (Coherent Navigation) Aaron Fansler (Northrop Grumman) Acknowledgements

UTC Hours Meters Error 4:00 AM May 2, 2000

GPS Jammers

GPS Spoofer

iPhone Video

University of Texas Spoofing Testbed

Internet or LAN Receive AntennaExternal Reference Clock Control Computer GPS Spoofer UAV coordinates from tracking system Transmit Antenna Spoofed Signals as a “Virtual Tractor Beam” Target UAV Commandeering a UAV via GPS Spoofing

UAV Video

RAIM was helpful for spoofing: we couldn’t spoof all signals seen by UAV due to our reference antenna placement, but the Hornet Mini’s uBlox receiver rejected observables from authentic signals, presumably via RAIM Overwhelming power is required for clean capture: A gradual takeover leads to large ( m) multipath-type errors as the authentic and counterfeit signals interact The UAV’s heavy reliance on altimeter for vertical position was easily overcome by a large vertical GPS velocity Surprises (1/2)

Not possible even to station keep with a captured UAV based on visual position estimates: GPS capture breaks flight controller’s feedback loop; now spoofer must play the role formerly assumed by GPS. Implication: An accurate radar or LIDAR system would be required for fine “control” of UAV via spoofing Compensating for all system and geometric delays to achieve meter-level alignment is challenging but quite possible In high-stakes situations, graduate students are steadier than assistant professors Surprises (2/2)

Require navigation systems for UAVs above 18 lbs to be certified “spoof-resistant” Require navigation and timing systems in critical infrastructure to be certified “spoof- resistant” “Spoof resistant” defined by ability to withstand or detect civil GPS spoofing in a battery of tests performed in a spoofing testbed Recommendations

Spoofing Defenses Cryptographic Non-Cryptographic Stand-Alone Networked J/N Sensing (Ward, Scott, Calgary) SSSC or NMA on WAAS (Scott, UT) All-Signals Defense (DARPA, BAE, UT) Single-Antenna Spatial Correlation (Cornell, Calgary) SSSC on L1C (Scott) NMA on L2C, L5, or L1C (MITRE, Scott, UT) Signal Forensics (TENCAP, Ledvina, Torino, UT) Multi-Antenna Defense (Keys, Montgomery, DLR, Stanford) P(Y) Cross-Correlation (Stanford, Cornell)

Public-Key Signal Authentication: Receiver Perspective Code Origin Authentication Code Timing Authentication Wesson, K., Rothlisberger, M., and Humphreys, T. E., “Practical Cryptographic Civil GPS Signal Authentication,” NAVIGATION: The Journal of the Institute of Navigation, to be published.

Security Code Estimation and Replay Detection Inside the Spoofer: Security Code Chip Estimation Inside the Defender: Detection Statistic Based on Specialized Correlations

Security Code Estimation and Replay Detection: Hypothesis Testing During an Attack Humphreys, T. E., “Detection Strategy for Cryptographic GNSS Anti-Spoofing,” IEEE Transactions on Aerospace and Electronic Systems, to be published.

Operational Definition of GNSS Signal Authentication GNSS signal is declared authentic if since some trusted initialization event: 1.logical output S has remained low, and 2.logical output H 1 has remained low, and 3.output P D has remained above an acceptable threshold

Hard to characterize the null hypothesis for a crypto defense on a dynamic platform – hard to keep false alarm rate under control All crypto defenses ineffective against near-zero- delay meaconing (entire band record and playback) timing attacks Civil GPS crypto defenses will probably be funded and implemented just before the heat death of the universe Is envisioning widespread adoption of non-crypto defenses just wishful thinking? Nagging Concerns

radionavlab.ae.utexas.edu